Skip to content

‣ Secure Connect Bundle

📖 Reference Documentation and resources
  1. 📖 Astra Docs - Download Cloud Secure Bundle
  2. 🎥 Youtube Video - Walk through secure

A - Overview

To initialize a secured 2-way TLS connection between clients and Astra x509 certificates are needed. The strong authentication is key for maximum security and still benefits from robust driver features (health-check, load-balancing, fail-over). Under the hood the protocol SNI over TCP is used to contact each node independently.

The configuration and required certificates are provided to the user through a zip file called the secure connect bundle which can be downloaded for each DATABASE REGION. This means that a database deployed across multiple regions will have one secure connect bundle per region. (1 region = 1 underlying Apache Cassandra™ datacenter)

B - Prerequisites

C - Procedure

Not a fan of user interfaces ?

The procedure on this page describes how to download the secure connect bundle through the user interface. If you have the CLI installed you can also go with a astra db download-scb my_db. More information on the CLI page

✅ Step 1 : Go to your database's Connect Quick Start

Once you sign in and land on your Astra Home, reach the Quick Start page for the database whose Secure Connect Bundle you want to obtain. You can do so either through the database list in the left-panel navigation bar, or from the Databases overview in the main panel:

From the navigation bar

The right-hand navigation bar lists your most commonly-used databases under the "Databases" heading. Click on the desired database.

(Note: the side navigation bar might be collapsed. Click on the "DS" logo at the top to expand it.)

The main panel will show the database-specific dashboard. Locate the "Connect" button on the top right and click on it.

From the overall database dashboard

Alternatively, click on the "Databases" entry in the left-hand navigation bar to get to the main databases dashboard.

(Note: the side navigation bar might be collapsed. Click on the "DS" logo at the top to expand it.)

Locate the desired database in the list in the main panel and click on the corresponding "Connect" button in the table.

✅ Step 2 : Download the bundle ZIP

The "Quick Start" section features a "Get Bundle" button. Click on it to bring up the download-bundle dialog.

Your database might be multi-region (remember there is a separate bundle for each DB region). In the dialog, choose the desired region for which you need the bundle: a download URL is now generated for you. You now have several options to download the file:

  1. get the file directly with the "Download Secure Bundle" button;
  2. copy the generated URL to the bundle, by clicking on the "clipboard" icon, and use it wherever you want (within a few minutes, before the link expires);
  3. directly copy a ready-made cURL command to paste in a console and have the downloaded bundle zipfile there;
  4. similar to the previous case, but using the wget console utility.


  • If you download the file directly, be aware that most browsers will give you the option to open the zip file directly. Do not do that, save it locally instead: the bundle zipfile has to be passed to the drivers as is!

  • The link to the bundle zipfile will expire a few minutes after it is generated. If you wait too long, you might end up with a faulty bundle. As a check, make sure the zipfile you downloaded is around 12-13 KB in size.

Last update: 2023-07-31